Message Center: Rejected and Deferred Messages

Document created by user.Yo2IBgvWqr Employee on Jan 22, 2019. Last modified by user.oxriBaJeN4 on Aug 22, 2019. Version 8.

This guide describes how you can troubleshoot recently failed inbound delivery attempts, by interrogating the rejected and deferred messages queue. 

  • Rejected messages: The reason why Mimecast rejected the message is displayed (e.g. it contained a virus signature, or was destined to a non-existent recipient). As message data cannot be retrieved in these cases, a rejection code is sent to the sending mail server which sends a Non-Delivery Report (NDR) to the sender. Rejected messages cannot be retrieved. 
  • Deferred messages: These are messages that tried to connect to Mimecast, but weren't initially successful (e.g. the message is subject to greylisting). These messages may subsequently be accepted, depending on the reason for the initial temporary failure. If a message is legitimate, you can use the information displayed to address the issue and ensure the message is successfully delivered on the next send attempt.
    The next connection attempt must be made by the mail server between one minute and 12 hours after the initial connection attempt to be successful.

Accessing Rejected and Deferred Messages

You can permit or block deferred messages for the recipient, depending on whether you consider the message to be legitimate or not. Click on the Permit for Recipient or Block for Recipient buttons from the Message Details panel.

To access rejected and deferred messages:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button.
  3. Select the Message Center | Rejected and Deferred Messages menu item.
    The Rejected message queue displays by default. If required, click on the Deferred tab to view deferred messages.
  4. Select a Message to display the failed delivery properties in the Message Details popout panel.
You can export the message information displayed in the rejected and deferred messages queue to an .XLSX or .CSV file. See the Message Center: Exporting Messages page for full details.

Searching for Rejected / Deferred Messages

 

You can search for specific rejected and deferred messages by using either:

  • The search field on its own to search all messages in the queue.
  • A filter and the search field to search for specific message information.

 

To search for a message using just the search field:

  1. Enter your search criteria in the Search field.
  2. Either:
    • Press the Enter key.
    • Click on the Search icon.

 

To search for a message using the filter:

  1. Click on the All pull down menu.
  2. Select from one of the following options:
    • Rejection / Deferral Type: Searches on the rejection or deferral type (e.g. "Anti-Spoofing Lockout").
    • From (Envelope): Searches on the sender's envelope header information.
    • To: Searches on the recipient's email header information.
    • Information: Searches on the message's content.
    • IP Address: Searches on the message's sending IP address.
  3. Enter your search criteria in the Search field.
  4. Either:
    • Press the Enter key.
    • Click on the Search icon.

 

Common Rejection Types and Resolutions

 

Some common rejection types, and suggestions for resolving the issue, are listed below:

| Rejection Type | Rejection Description | Rejection Resolution |
| --- | --- | --- |
| IP Found in RBL | The sending IP address is a known spammer, and is either listed in a block list, or the IP address has a poor reputation. | Add the sender's details to a Permitted Senders policy, and remove the sender from the block list. |
| Sender Failed to Retry | This applies to unknown sending addresses, where the sending email server hasn't re-attempted delivery of the message within 12 hours. | The temporary fail check is part of the greylisting process. It can be bypassed by configuring an Auto Allow, Permitted Senders, or Greylisting policy. |
| Invalid Recipient Address | The recipient email address doesn't exist, or is incorrect, so we cannot deliver the message. | The sender must resend the message to a valid email address. |
| Virus Signature Detected | An anti-virus signature has been triggered, and the message is categorized as malware. | Anti-virus checks cannot be bypassed. |
| Spam Signature Detected | An anti-spam definition has been triggered. The message is only rejected if there's a very high content of spam words or phrases. | Anti-spam checks can be bypassed using a Permitted Senders Policy. |
| Envelope Rejected / Manual Envelope Rejected | A blocked sender policy has been triggered, which prevents the message from being accepted by us. | Delete or modify the Blocked Senders Policy to exclude the sender's address. |
| Rejected by Header Based Blocked Senders – Block Policy for Header From; Envelope Rejected – Block Policy for Envelope From Address; Rejected by Header Based Manually Blocked Senders – Block for Manual Block | A blocked sender policy has been triggered, which prevents the message from being accepted by us. The policy is configured to scan the envelope or header address, as described by the error code. | Delete or modify the Blocked Senders Policy to exclude the sender's address. |
| Anti-Spoofing Lockout - Inbound Not Allowed | An Anti-Spoofing Lockout policy has been triggered. It blocks inbound messages originating from an external source destined to the internal domain, where the external source is masquerading as an internal domain sender. | Create an Anti-Spoofing Policy to exclude the sender's address or IP address. |
| SMTP Code [Error Description] | View the Mimecast SMTP Error Codes page for full details. | Resolution is dependent on the recipient MTA. |
| Invalid Sender Address | The sender address has been blocked by the next hop mail server. | This is normally due to Sender Callback Verification failing, and happens when <> (null addresses) are blocked. |
| IP Reputation Policy | The sender's reputation has caused the rejection action. | View the Monitoring Connections Attempts page for further details. |
| Message Size Limit Reached | The message size is too large to be accepted by us. | An Email Size Limits policy may be in effect. |
| Sender Location (RS) Found in Geographic RBL | The message has been sent from an IP address in a blocked location. | Configure the appropriate Geographical Restrictions Policy. |

 

Common Deferral Types

 

Reviewing deferred messages can be helpful when troubleshooting delayed inbound delivery attempts. The mail server will be required to retry the connection, in an attempt to successfully deliver the message. The initial reason for the temporary failure will determine if the email is subsequently accepted. Some common deferral types, and additional details for troubleshooting the deferral, are listed below:

 

| Deferral Type | Deferral Details |
| --- | --- |
| Attempt Greylisting | Indicates that the sending IP server has been subjected to greylisting. The triplet of information is temporarily failed until the mail server retries the connection. |
| Sender Dropped Connection | The remote mail server deliberately dropped the connection. |
| Remote Server Timed out | The remote mail server timed out during the SMTP conversation, usually while attempting to transfer the email content. A common cause for this is a firewall or other SMTP scanning product, located within the sender's infrastructure, that prevents the content of the message from being sent. This attempt is logged after ten minutes of inactivity from the remote server. |
| Connection Timed Out | The initial connection is made to Mimecast, but the remote server doesn't continue with the SMTP conversation. Mimecast timed out the connection, waiting for the remote server to send data. |
| Message Ended Early | This can be caused by previously infected files that haven't been cleaned correctly by an anti-virus product, and traces of the virus are left in the message. This can also be caused by firewall issues on the sender’s side, or incorrectly configured content rules on a security device. |
| Local CT IP Reputation Policy (Temporary) | The sending IP address has a poor enough reputation for Mimecast to temporarily defer the email (with a 400 series code), but not poor enough to reject the email (with a 500 series code). The database used is dynamic, and updates constantly. If the reputation of the IP address remains the same, the message is accepted in future attempts. If the reputation gets worse, the email is rejected. You can request a review of your source IP ranges at: http://www.mimecast.com/senderfeedback |

 

Auto Allow Policies

 

Auto Allow policies allow inbound mail to be processed more efficiently, by circumventing spam checks. They add external email addresses that internal end users have previously sent emails to, to an "Auto Allow database". When the external address sends a message to the internal user, Mimecast checks the database to see if the address is present. If so, the message bypasses the usual spam checks applied to inbound mail.

 

To add an external sender's address to the auto allow database:

 

  1. Ask the internal end user to send a message to the original sender, asking them to resend the message in question.
  2. When they do, the recipient of that message (the original external sender) is added to the Auto Allow database.
  3. When the sender resends the message, it bypasses both reputation and spam scanning checks.

 

See the Configuring Auto Allow Policies page for full details.
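
The greylisting retry window and the Auto Allow bypass described on this page, as a simplified Python model. This is an added example, not Mimecast's code: the triplet composition (sending IP, envelope sender, envelope recipient), the class and method names, the "accept" labels, and the handling of too-early and late retries are assumptions, and "accept" here only means the greylisting check was passed.

```python
from datetime import datetime, timedelta

MIN_RETRY = timedelta(minutes=1)  # page: retry no sooner than one minute
MAX_RETRY = timedelta(hours=12)   # page: retry no later than 12 hours

class GreylistModel:
    """Simplified model of the deferral logic described on this page."""

    def __init__(self):
        self.first_seen = {}     # triplet -> time of the first (deferred) attempt
        self.passed = set()      # triplets that completed a valid retry
        self.auto_allow = set()  # (internal user, external address) pairs
        self.rejected = []       # (triplet, rejection type) log entries

    def record_outbound(self, internal_user, external_address):
        # An internal user writing to an external address populates Auto Allow.
        self.auto_allow.add((internal_user.lower(), external_address.lower()))

    def sweep(self, now):
        # Windows that closed without a valid retry are logged as rejections.
        for t in [t for t, ts in self.first_seen.items() if now - ts > MAX_RETRY]:
            del self.first_seen[t]
            self.rejected.append((t, "Sender Failed to Retry"))

    def inbound(self, ip, mail_from, rcpt_to, now):
        """Return (action, type) for one inbound connection attempt."""
        mail_from, rcpt_to = mail_from.lower(), rcpt_to.lower()
        triplet = (ip, mail_from, rcpt_to)
        if (rcpt_to, mail_from) in self.auto_allow:
            return ("accept", "Auto Allow")
        if triplet in self.passed:
            return ("accept", "Known triplet")
        self.sweep(now)
        # Assumption: a retry after the window closed counts as a new first attempt.
        first = self.first_seen.setdefault(triplet, now)
        if now - first < MIN_RETRY:
            return ("defer", "Attempt Greylisting")  # first attempt or too early
        del self.first_seen[triplet]
        self.passed.add(triplet)
        return ("accept", "Retry within window")

if __name__ == "__main__":
    t0 = datetime(2019, 8, 22, 9, 0)  # constructed timestamp and addresses
    model = GreylistModel()
    msg = ("192.0.2.10", "alice@example.org", "bob@example.com")
    for delta in (timedelta(0), timedelta(seconds=30), timedelta(minutes=5)):
        print(delta, model.inbound(*msg, t0 + delta))
```

When a legitimate sender keeps appearing under Attempt Greylisting or Sender Failed to Retry, comparing its retry timestamps against these two bounds shows whether the sending server retries too quickly or gives up before the window closes.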

 
